[Mesa-dev] [Bug 91098] vmwgfx null ptr dereference at vmw_screen_ioctl.c:76 due to ioctl failure

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Jun 24 14:03:27 PDT 2015


https://bugs.freedesktop.org/show_bug.cgi?id=91098

--- Comment #1 from Thomas Hellström <thellstrom at vmware.com> ---
Hi.

Thanks for the bug report.

I think the root problem is gnome-shell(gdm) dropping its master privileges and
then trying to render.

The reason this is not allowed in the vmwgfx driver is the following scenario:
1) A user switches away the X server VT and gets a console terminal.
2) User launches a DRM-aware malicious app that becomes master and
authenticates itself.
3) The user switches back the X server
4) The malicious app can now open exported buffer objects at will and access or
manipulate user private data. This is correctly blocked in the vmwgfx driver.

So this is AFAICT a gnome-shell (gdm mode) bug. It shouldn't render when it
drops its master privileges, so the gnome bugzilla would be good to start with.
We'll follow up.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/mesa-dev/attachments/20150624/aa4b8c16/attachment.html>


More information about the mesa-dev mailing list